Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study

 
: Naiakshina, Alena; Danilova, Anastasia; Tiefenau, Christian; Herzog, Marco; Smith, Matthew

:
Volltext (PDF; )

Association for Computing Machinery -ACM-; Association for Computing Machinery -ACM-, Special Interest Group on Security, Audit and Control -SIGSAC-:
CCS 2017, ACM SIGSAC Conference on Computer and Communications Security. Proceedings : Dallas, Texas, USA, October 30 - November 03, 2017
New York: ACM, 2017
ISBN: 978-1-4503-4946-8
S.311-328
Conference on Computer and Communications Security (CCS) <2017, Dallas/Tex.>
Englisch
Konferenzbeitrag, Elektronische Publikation
Fraunhofer FKIE ()

Abstract
Passwords are still a mainstay of various security systems, as well as the cause of many usability issues. For end-users, many of these issues have been studied extensively, highlighting problems and informing design decisions for better policies and motivating research into alternatives. However, end-users are not the only ones who have usability problems with passwords! Developers who are tasked with writing the code by which passwords are stored must do so securely. Yet history has shown that this complex task often fails due to human error with catastrophic results. While an end-user who selects a bad password can have dire consequences, the consequences of a developer who forgets to hash and salt a password database can lead to far larger problems. In this paper we present a first qualitative usability study with 20 computer science students to discover how developers deal with password storage and to inform research into aiding developers in the creation of secure password systems.

: http://publica.fraunhofer.de/dokumente/N-540904.html